
Wednesday, January 19, 2005

Well, I guess security attacks come from every angle. You have to make sure you're covered at every angle, right?

I suppose it's time to let you in on a secret (if you can call a publicly available KB Article a secret :) ). Tarpitting is the act of slowing an attacker down so they can't accomplish their task in a short period of time. Usually, if an attacker can't do something quickly, they are going to give up unless you're a target.

After that response, type "mail to: foobar@{yourdomain}.com". Notice that it takes about 10 seconds to respond with "Invalid Address". That is, if you don't have anyone named foobar at your company. :o)

Pretty cool eh!? It will take quite a bit longer now to enumerate the addresses on your server using a dictionary attack.
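To see the effect without touching a production server, here is an added example (not code from this post or from Microsoft): a toy SMTP responder on loopback that delays only rejected recipients, plus a probe that times the reply the way the telnet test above does. The mailbox list, the `example.test` names and the 0.5-second demo delay are assumptions chosen for illustration.

```python
import smtplib, socketserver, threading, time

VALID = {"alice@example.test"}  # constructed mailbox list (assumption)
class TarpitSMTPHandler(socketserver.StreamRequestHandler):
    """Toy SMTP responder: only rejected RCPT TO replies are delayed."""
    def reply(self, text):
        self.wfile.write((text + "\r\n").encode("ascii"))
    def handle(self):
        self.reply("220 tarpit.example.test SMTP")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            verb = line.upper()
            if verb.startswith(("HELO", "EHLO")):
                self.reply("250 Hello")
            elif verb.startswith("MAIL FROM:"):
                self.reply("250 Sender OK")
            elif verb.startswith("RCPT TO:"):
                addr = line[8:].strip().strip("<>").lower()
                if addr in VALID:
                    self.reply("250 Recipient OK")  # real users answer at once
                else:
                    time.sleep(self.server.tarpit_seconds)  # the tarpit
                    self.reply("550 5.1.1 User unknown")
            elif verb == "QUIT":
                return self.reply("221 Bye")
            else:
                self.reply("500 Unrecognized command")

def rcpt_latency(host, port, rcpt):
    """Return (reply code, seconds the server took to answer RCPT TO)."""
    with smtplib.SMTP(host, port, local_hostname="probe.example.test", timeout=30) as s:
        s.helo()
        s.mail("probe@example.test")
        start = time.monotonic()
        code, _ = s.rcpt(rcpt)
        return code, time.monotonic() - start

def demo(tarpit_seconds=0.5):
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), TarpitSMTPHandler)
    server.tarpit_seconds, server.daemon_threads = tarpit_seconds, True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return {a: rcpt_latency(*server.server_address, a)
                for a in ("alice@example.test", "foobar@example.test")}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

The valid mailbox is answered immediately while the unknown one waits out the delay, so legitimate senders pay nothing and each wrong guess costs the full tarpit time.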

3 comments:

Anonymous said...

Sean,

In version 1.0 of KB842851, the 885881 hotfix was available for download and the date of Smtpsvc.dll was 16-Sep-2004. Now in version 5.0 Microsoft has pulled the download and it is available through PSS, and the date of Smtpsvc.dll is 22-May-2004. Is it different from the previous version, and does it mean that those of us who have already applied it must reapply it?